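PPTP Client VPN Configuration Procedure
Date: 2006-06-02  Source: johnnysh
Our production environment is maintained over a dial-in VPN, but giving every person their own account is poor for security. With that in mind, we decided to set up a single VPN client machine on the company LAN that connects to the remote VPN server, and then use iptables to control which machines may reach which servers in production. This way nobody needs to know the VPN dial-in account and password; we only have to keep this VPN client server secure.
The packages can be found with a Google search. The system environment is as follows: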
===========================================
RHEL4-U1
ppp-2.4.3-5
pptp-1.7.0-1
kernel_ppp_mppe-1.0.2-3dkms
The PPTP client is configured as follows:
===========================================
Contents of /etc/ppp/options:

    name pptpd
    lock
    auth
    refuse-eap
    refuse-chap
    refuse-mschap
    nobsdcomp
    nodeflate
    #require-mschap-v2  # This line must be commented out; I originally left it active, and that made the VPN dial-in fail.
    require-mppe-128

Contents of /etc/ppp/chap-secrets:

    # Secrets for authentication using CHAP
    # client server secret IP addresses
    username pptpd password *

PPTP client startup script
===========================================
The script is called from crontab every 5 minutes to check that the VPN link is up. If the far end of the VPN link cannot be pinged, it tries to re-establish the VPN connection.

    #!/bin/bash
    # Control script for the PPTP client: start, stop, restart, or check the tunnel.
    export PATH=/bin:/sbin:/usr/bin:/usr/sbin

    case "$1" in
        start)
            echo "Starting pptp client..."
            /usr/sbin/pptp pptp_server_ip user username &
            sleep 10
            # Route the remote network through the VPN gateway.
            /sbin/route add -net xxx.xxx.xxx.0/24 gw xxx.xxx.xxx.101
            ;;
        stop)
            echo "Stopping pptp client..."
            kill -9 `cat /var/run/ppp0.pid`
            ;;
        restart)
            $0 stop
            $0 start
            ;;
        status)
            # Count replies to 5 pings; no statistics line (e.g. network unreachable) counts as 0.
            RECEIVED=`ping -c 5 xxx.xxx.xxx.xxx | grep 'packets transmitted' | awk -F, '{print $2}' | awk '{print $1}'`
            if [ "${RECEIVED:-0}" -ne 5 ]; then
                echo "Restart PPTP client at `date +%Y/%m/%d-%H:%M:%S`." | tee -a /var/log/messages
                $0 stop
                $0 start
            else
                echo "PPTP client is running at `date +%Y/%m/%d-%H:%M:%S`." | tee -a /var/log/messages
            fi
            ;;
        *)
            echo "Usage: $0 start|stop|restart|status"
            exit 1
            ;;
    esac
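
The opening paragraph relies on iptables to decide which LAN machines may reach which production servers, but the page does not show the rules. The following is an added example, not the author's configuration: it generates a default-deny FORWARD rule set from a per-host allow-list, assuming eth0 is the LAN interface, ppp0 is the tunnel, LAN hosts are masqueraded behind the tunnel address, and all addresses are constructed.

```shell
#!/bin/sh
# Added example: build a per-host FORWARD allow-list for the VPN client box.
# Assumed names: eth0 = LAN side, ppp0 = PPTP tunnel. All addresses are constructed.
LAN_IF="eth0"
VPN_IF="ppp0"

# Allow-list, one entry per line: <LAN host> <production server> <TCP port>
ACL='
# constructed sample entries
192.168.1.10 10.10.10.21 22
192.168.1.11 10.10.10.22 3306
192.168.1.99 10.10.10.0/24 22
'

# Accept only a single dotted-quad host address (no CIDR ranges, no hostnames).
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands; nothing is applied by this function.
gen_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$ACL" | while read -r src dst port extra; do
        case "$src" in ''|'#'*) continue ;; esac
        if valid_ip "$src" && valid_ip "$dst" && valid_port "$port" && [ -z "$extra" ]; then
            echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $src -d $dst" \
                 "-p tcp --dport $port -m state --state NEW -j ACCEPT"
        else
            echo "skipped invalid entry: $src $dst $port $extra" >&2
        fi
    done
    echo "iptables -A FORWARD -j LOG --log-prefix 'vpn-gw-drop: '"
    # Assumption: LAN hosts are hidden behind the tunnel address.
    echo "iptables -t nat -A POSTROUTING -o $VPN_IF -j MASQUERADE"
    echo "sysctl -w net.ipv4.ip_forward=1"
}

gen_rules
```

The third sample entry is rejected because its destination is a whole subnet rather than one server. On current kernels `-m conntrack --ctstate` replaces `-m state --state`.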